But I don't think your approach of "destroying URL path" is the most efficient. I'd put the logic that counts and controls access requests into a servlet/controller that serves the URL and just return 404s when the count for each URL goes over the limit. You don't need a filter for that, although the same logic can be implemented in a filter.